Speakers

Keynote Speaker

 

David A. VanderNaalt

 

Chief Information Security Officer (CISO) for the State of Arizona, leading the Statewide Information Security & Privacy Office (SISPO).

David has 25 years in Information Asset Protection Management, including 6 years in digital forensic investigations, and a total of 35 years in Information Technology.


SISPO serves as the strategic planning, facilitation and coordination office for information technology security and for the protection of the State's critical technology infrastructure.


Current certifications:
• Distinguished Fellow Ponemon Institute (D.F.PI)
• Certified Information Security Manager (C.I.S.M.)
• Associate Institute of Information Security Professionals (A.IISP)
• Licensed Minister (Rev.)


Prior to the State of Arizona, David served for more than 7 years with the City of New York Department of Investigation as Director, Digital Forensic Investigations and Director, NYC Citywide Information Security Program. He also served for 1 year as Director, Citywide Continuance Planning at the Department of Information Technology, in a cooperative role with the Office of Emergency Management.


David previously was with ICSA.NET (TruSecure Corp./CyberTrust) as Managing Director, Product Certification, covering anti-virus, IPSec, cryptography, firewall and biometrics products. David also served as the Information Security Officer for ICSA.NET.


During its startup, David was the Information Security Officer for Genuity.Net.
David was with American Express for 11½ years in several capacities, including Director of worldwide network change and problem management, and led the creation of the worldwide Information Security group, being named the first Corporate Information Security Officer for AMEX worldwide operations in 1989. David served on the AMEX Privacy Council and was the Technology representative to the Corporate Compliance group.
In 1982, David developed and implemented one of the first formalized corporate security programs in the country, covering DRP, change control, physical computer center security and data security, at Central and South West Services Company in Dallas, TX.


David served in the U.S. Navy from 1968 to 1971, specializing in the calibration of test equipment, and is qualified as an expert in 4 phases of calibration. David studied Behavioral Science at Grand Canyon College before entering the U.S. Navy.

 

1) Speaker:  Mike Shema

Title:  Security Research Engineer, Qualys Inc.

Topic:  The Early Bird Gets the Web Application Worm

Bio:

Mike Shema, security research engineer at Qualys, is the co-author of Hacking Exposed: Web Applications and The Anti-Hacker Toolkit, and the author of Hack Notes: Web Application Security. He has extensive experience in information security, with particular expertise in the realm of web application security. He is currently developing tools that automate the web application audit process. His prior experience includes research and development at NT Objectives, Inc. and information security consulting at Foundstone and Booz Allen Hamilton.

He has taught at the Black Hat conferences in Las Vegas, Singapore, and Amsterdam, and continues to speak regularly at premier industry conferences and events around the world.

Mr. Shema's other writing credits include technical columns about Web server security for Security Focus and DevX and technical editor for Incident Response: Investigating Computer Crime. He holds B.S. degrees in Electrical Engineering and French from Penn State University.


Topic Write-up:

The rising popularity and complexity of web application worms increases both the potential for abuse and the scope of a malicious attack. More and more publicly reported vulnerabilities have surfaced, with evidence that exploits have grown in sophistication and purpose. The scope of exploits will rise because browsers provide a scriptable, relatively uniform interface between a host and the Internet.

The traditional conception of web application security covers how attacks piggyback HTTP(S) through a firewall to attack servers. Yet this is a bidirectional path; web browsers can be attacked by compromised sites with malicious payloads. Such attacks exploit assumptions of trust and security between the browser and web site.

HTML, JavaScript and plug-in runtimes such as ActiveX, Flash and Java present a relatively uniform, cross-platform exploit environment for attackers. This combination of delivery mechanism (a vulnerable web application), large victim base (web browsers) and access (no intervening firewalls) produces a significant risk to users. It enables new generations of botnets and poses new threats to users' information.

This presentation will analyze past web application worms and present the potential for new types of worms and browser attacks. As worms become more complex, they may gain persistence, cross-application targeting and intranet reconnaissance, and take advantage of the inherent trust firewalls place in web traffic permitted into a network. Attendees will be shown how previous worms exploited browsers, along with JavaScript source, examples and techniques that new ones might use.

Understanding the capabilities of a web application worm is essential for creating defenses. Web browsers have started to implement countermeasures to phishing but the threat reaches beyond identity theft. Browsers are the gateway between a host and the Internet, a path which is all too often unaffected by firewalls or network security devices.
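The propagation loop the write-up describes, as an added example that is not part of the talk or the original page: a stored-XSS worm only spreads if each victim's browser renders the stored payload as active markup, so the defense that actually breaks the cycle is encoding user data at the point it is emitted into HTML. The snippet below (JavaScript, runnable under Node without a DOM) shows a vulnerable profile renderer beside one that HTML-encodes user data, and simulates a chain of profile views with each. The payload, viewer names and renderer functions are all constructed for illustration; the payload is an inert stub, not working worm code.

```javascript
// Added example (not from the talk): why output encoding breaks a
// web application worm's propagation loop.
//
// A stored-XSS worm needs its payload rendered as *active* markup in
// each victim's browser: the script runs, copies itself into the
// victim's own profile field through the site's normal API, and the
// next viewer repeats the cycle. If the application HTML-encodes user
// data before emitting it, the payload arrives as inert text and the
// loop stops.

// Constructed stand-in for what a worm would store in a user field.
// It contains no self-copying logic; only the tag matters here.
const WORM_PAYLOAD =
  '<script>/* hypothetical self-copying code would go here */</script>';

// Minimal HTML entity encoding for text placed inside an element body.
// Attribute and JavaScript contexts need different encoders; this one
// is only correct for element content.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable rendering: user data is concatenated straight into HTML.
function renderProfileVulnerable(displayName, bio) {
  return `<div class="profile"><h2>${displayName}</h2><p>${bio}</p></div>`;
}

// Hardened rendering: every user-supplied value is encoded for element content.
function renderProfileHardened(displayName, bio) {
  return `<div class="profile"><h2>${escapeHtml(displayName)}</h2>` +
         `<p>${escapeHtml(bio)}</p></div>`;
}

// Crude check a tester might run over rendered output: does a raw
// <script> tag or an on*= event handler survive in the emitted markup?
const ACTIVE_MARKUP = /<script\b|<\/script>|<[a-z]+[^>]*\son[a-z]+\s*=/i;
function containsActiveMarkup(html) {
  return ACTIVE_MARKUP.test(html);
}

// Simulate the worm's propagation across a chain of profile views.
// Each viewer looks at the previous viewer's profile. If the rendered
// page still carries active markup, the viewer's browser would execute
// it and the worm copies itself into that viewer's own bio, so the next
// viewer sees the payload in turn. Returns the number of viewers infected.
function simulatePropagation(render, viewers) {
  const profiles = new Map(viewers.map((v) => [v, 'harmless bio']));
  profiles.set('patient-zero', WORM_PAYLOAD);
  let infected = 0;
  let current = 'patient-zero';
  for (const viewer of viewers) {
    const html = render(current, profiles.get(current));
    if (containsActiveMarkup(html)) {
      profiles.set(viewer, WORM_PAYLOAD); // browser ran it; worm copied itself
      infected += 1;
    }
    current = viewer; // the next viewer visits this viewer's profile
  }
  return infected;
}
```

With the vulnerable renderer every viewer in the chain is infected; with the hardened renderer none is, because patient-zero's payload is delivered as `&lt;script&gt;...` and never executes, so there is nothing to copy forward. The same inert-text outcome is what a tester should look for when checking any field a worm could use as its hop point.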

 

2) Speaker:  Patrick Potter

Title:  Associate Director, Phoenix Protiviti office; leads the AZ and NM regional business continuity management (BCM) practice

Topic:

 

Bio: 

 

Prior to joining Protiviti in July 2005, Patrick held senior leadership positions at Fortune 100 companies in business continuity, internal audit, information technology, strategic planning, and Six Sigma and quality organizations. Patrick has over 15 years of experience with all aspects of business continuity management, including risk assessment, developing business impact analyses, and designing, implementing and testing plans. His experience also includes emergency response and crisis management.

 

3) Speaker: Adam Muntner, CISSP

Title: Managing Partner and Information Security Evangelist, QuietMove, Inc.

Topic:  Rethinking the Perimeter

 

Bio:

 

Adam is the Managing Partner and co-founder of QuietMove, an Information Security consultancy that focuses on providing comprehensive risk assessment and security training services. He has over 14 years of information technology management experience in information security, software, and product R&D, the last 8 being dedicated solely to security. Adam's particular talents include penetration testing, web application assessment, enterprise risk management, and business development.  He is a technical and business process expert who has led and performed consulting engagements for clients ranging from midsize companies to government agencies and the Fortune 500. Adam is on the advisory board of several emerging IT and biotech companies, and is a frequent speaker at IT Security conferences around the US.

 

4) Speaker:  Jim Lippard, CISM, CISSP (ISSMP and ISSAP)

Title: Director of Information Security, Global Crossing

Topic:  TBD

 

Bio: 

 

Jim manages the design and implementation of security technology for Global Crossing, a global telecommunications company that provides Internet, voice, data and collaboration services to companies around the world. Global Crossing customers include more than 35% of the Fortune 500, plus 700 carriers, mobile operators and ISPs. Jim previously managed Global Crossing's incident response team and began his computer career working on the Multics operating system at Honeywell.

 

 

5) Speaker:  Ronald Olive

Title:  Special Agent, NCIS (ret), Consulting and Confidential Investigations

Topic:  Capturing Jonathan Pollard – A Story of Intrigue on Espionage and Investigation

 

Bio:

 

Ronald Olive spent thirty years in law enforcement, the last twenty-two with the NCIS.

  

As a special agent, he worked criminal and counterintelligence (CI) investigations, counterespionage special operations and terrorism issues overseas and in the United States, and held senior management positions in the Washington, D.C. area. Mr. Olive was the first recipient of the NCIS Counterintelligence Career Achievement Award. He holds a master's degree in Administration of Justice and now runs his own consulting and confidential investigations company near Phoenix, Arizona. While serving as a U.S. Marine assigned to "Delta" Company, 3rd Marine Reconnaissance Battalion, in the former Republic of South Vietnam, he was awarded the Bronze Star with combat "V" for valor. Mr. Olive is an instructor for the Department of Energy Counterintelligence Training Academy and works as a retired law enforcement consultant with the National Center for Missing and Exploited Children, Team Adam (Missing Child Rapid Response System).

 

Topic Write-up: 

 

Ronald Olive was the special agent in charge of counterintelligence in the Washington field office of the Naval Criminal Investigative Service (NCIS). He led the whirlwind investigation against Pollard and obtained the confession that led to his arrest in November 1985. Calling the Pollard case a counterintelligence and security failure, Olive discusses how mistaken assumptions and leadership failures throughout the intelligence community enabled Pollard to ransack America's most closely guarded secrets and defense intelligence long after he should have been fired. He hopes the insights his lecture and book offer will serve as a lesson in history, a wake-up call to our government on the devastating damage done to national security when rules, regulations and policies are misinterpreted or ignored, and an educational awareness for all citizens. No other spy in the history of the United States has stolen so many secrets, so highly classified, in such a short period of time. Pollard betrayed the trust of America and sold Israel over one million pages of highly classified information, proving that "insider betrayal is the most dangerous threat to our national security and national economy."

 

6) Speaker:  Neville Cramer

Title:  President, IE Solutions LLC

Topic:  Security and Illegal Immigrants in the Workforce

 

Bio:

 

Neville Cramer was one of the most experienced Special Agents ever to serve in the former Immigration and Naturalization Service (INS). His career spanned more than twenty-six years, and began in the U.S. Border Patrol in Eagle Pass, Texas. Other positions included Supervisory Special Agent, Deputy Assistant Commissioner, Immigration Officer Academy Chief and Special Agent-in-Charge of Overseas Enforcement.

 

Mr. Cramer received his Bachelor’s degree in Law Enforcement Administration from the University of Arizona and his Master’s degree in Criminal Justice from the George Washington University. He graduated from the 110th Session of the U.S. Border Patrol Academy and was the first INS Special Agent to attend the prestigious FBI National Academy.

 

After retiring in November 2002, Neville began his own security consulting firm in Scottsdale, Arizona, and has authored two books, including "Immigration Chaos – Solutions to an American Crisis" (February 2008). He has also appeared on CNN's "Lou Dobbs Tonight" and is a frequent guest speaker on radio talk shows across the nation.

  

Topic Writeup:  With more than twelve million illegal immigrants in the workforce, security professionals require a basic understanding about the future of this growing problem.

 

Security professionals will learn about the many facets of illegal immigration. There will be a short presentation about the legal and programmatic failures that have allowed illegal immigrants to come to, remain in and work in the United States. Common weaknesses in human resource procedures will be discussed, especially those relating to employee background and fingerprint checks. There will be an update about any new or pending legislation concerning "comprehensive immigration reform", H.B. 2779 (Arizona's new employer sanctions law), strengthened federal employer sanctions, the E-Verify system and other related legislation.

 

7) Speaker:  Carl Herberger, CISSP, CISM

Title:  President/Co-Founder, Allied InfoSecurity, Inc.

Topic:  Information Security: Seven Immutable Truths and a Playbook to Avoid Exploitation

 

Bio:

 

Mr. Herberger has an extensive public and private sector security background. A recognized industry expert, he speaks frequently at industry events, including Gartner's 2005 IT Security Conference. Carl has been featured in publications such as the front page of the Wall Street Journal, CISO Magazine, Contingency Planning & Management Magazine and the Disaster Recovery Journal. He began his career in the U.S. Air Force. As an electronic/computer warfare specialist at the Pentagon, Carl evaluated computer security events affecting Air Force operations and managed critical operational intelligence for computer network attack programs in support of the National Security Council and the Secretary of the Air Force. Prior to founding Allied InfoSecurity, he served as the information security officer at BarclayCard US, as the senior executive in charge of SunGard's Professional Services IT Security Practice, and as the leader of the Campbell Soup Company's global IT security and disaster recovery function.

 

 

8) Speaker:  Jay Jacobson

Title:  Principal/President, EdgeOS

Topic:  Deception is Everywhere

 

Bio:

 

Jay is an innovator, serial entrepreneur and seasoned technology business executive with extensive experience in the information security, Internet, software, networking and telecommunications industries. During his career, Jay has founded and led more than six technology companies and has held key positions at several Fortune 500 enterprises, including American Express, AT&T, Cox Communications and Sprint. Presently, Jay is the CEO of Edgeos, Inc., the company that created and leads the private-labeled network security and vulnerability assessment industry. Jay is also a board member or strategic advisor to several corporations, industry groups and universities. He founded and led an information and network security company that has helped customers identify vulnerabilities on thousands of networks across six continents, and he invented the network security industry's first technologies for zero-overhead internal vulnerability assessments.

 

9) Speaker:  Marnie Wilking

Title:  VP / Information Security Management, Wells Fargo Compliance & Enterprise Risk Management

Topic: Awareness: Breaking through the Barriers

 

Bio: 

 

Marnie manages the Information Security Education & Awareness program for Wells Fargo & Co. Using innovative technology and established channels, she and her team ensure that the company’s 150,000+ team members understand their Information Security responsibilities and are kept abreast of current and relevant Information Security issues. She brings sixteen years of technical and managerial experience in the Financial Services industry. In her ten years with Wells Fargo, Ms. Wilking served in Information Security roles for technology project management, consulting, and policy development.

 

10) Speaker:  Kristy Westphal, CISSP

Title:  CISO, Arizona State Department of Economic Security (DES)

Topic:  What are we doing, again?  A Survivor’s Guide to Compliance

 

Bio:  

 

A versatile security professional with 15 years of experience, specifically in information security, Kristy is currently the CISO of the Arizona Department of Economic Security. She is skilled in troubleshooting and process analysis, and has specific expertise in forensics, operating system and network security, intrusion detection, incident handling, vulnerability analysis and policy development. Her department previously won an award for its security awareness program. Kristy is a frequent speaker at industry security conferences and events.

 

11) Speaker:  Kia Ratliff

Title:  Principal/Lead Consultant, US Prevention Solutions, LLC

Topic:  Risk Assessment

 

Bio:

 

Based in Arizona, Kia develops risk management strategies for small and medium businesses, and provides training and documentation on applicable laws, regulations and standards. She is an author and frequent speaker on data security, business continuity and data breach prevention. Kia earned her undergraduate degree in Marketing and her Master of Business Administration. She is a Certified Mediator and a Certified Identity Theft Risk Management Specialist.

 

 

12) Speaker:  Rich Owen, CISSP, CPP

Title:  Director of Security, Early Warning Services, LLC

Topic:  The Changing Role of the Security Professional

 

Bio

 

As the Director of Security for Early Warning, Mr. Owen is responsible for all aspects of data security at Early Warning, including physical and personnel security. Prior to joining Early Warning, Mr. Owen was the CEO of Optimal Information Security Services, Inc. Mr. Owen has over 35 years of information security experience, which includes creating the computer security program for the Mission Operations Directorate at Johnson Space Center, leading penetration test teams for Janus Associates, creating the information protection program for the Texas Attorney General, and developing security policy for the Universities of Houston and Texas. Mr. Owen is a former International President of ISSA and a current member of ASIS and InfraGard.

 

13) Speaker:  Leah Core, CBCP

Title:  Director of Security and Business Continuity Programs, GoDaddy.com, Inc.

Topic:  Using Business Continuity to Bridge the Convergence Gap

Bio: 

 

Leah is responsible for developing emergency response and business continuity programs and has oversight of the Internal Security team that secures six locations.  Before joining Go Daddy, Leah worked for Vital Processing Services and Apollo Group, parent company of the University of Phoenix, where she was in charge of business continuity and crisis management. Leah has had varied roles in risk management from managing compliance projects and emergency response programs to technical recovery strategies and physical / logical security protocol. 


With more than eight years in the industry, Leah maintains active roles in numerous business continuity organizations, including the Corporate Board of the Association of Contingency Planners (ACP), the Editorial Board of the Journal of Business Continuity and Emergency Planning, InfraGard, ASIS, and the Arizona Emergency Services Association.

 

Topic Writeup: 

 

The importance and profile of security and continuity have never been higher, and physical and IT security professionals face no shortage of challenges in trying to cover more areas with fewer resources. That visibility has stirred up many buzzwords like "convergence" and "resiliency", but what do they really mean? This session will review the "buzzword bingo" and discuss a holistic approach to developing a business continuity management program, and why it is important to emphasize risk awareness and mitigation to address potential business interruptions that may occur in any department.

 

14) Speaker:  Kim Jones, CISSP, CISM

Title:  Chief Information Security Officer (CISO), eTelecare

Topic:  The 21st Century CISO

 

Bio: 

 

Before joining eTelecare, Kim Jones served in a converged Global CSO/CISO role with eFunds Corporation (a financial technologies firm based in Scottsdale, Arizona).  With 20+ years of professional experience, Mr. Jones has developed and implemented global security practices for companies in many different industries. His previous experience includes positions held in Cap Gemini Ernst & Young's Security Solutions Group; Computer Sciences Corporation's Common Criteria Testing Lab; and the U.S. Army. Kim holds a Bachelors Degree in Computer Science from the U.S. Military Academy (West Point), and a Masters Degree in Information Assurance from Norwich University. 

 

15) Speaker:  Andy Hofmann

Title:  Director of Marketing and Sales, SECURaGLOBE Solutions Inc

Topic:  Integration of Security Hardware and Software to Improve Results and Cost Effectiveness

Bio:

 

Andy joined SECURaGLOBE Solutions Inc. (SGSI) in early 2007.  As the Director of Marketing and Sales, Andy is responsible for ensuring SGSI is visible as the premier provider of security consulting services.  Andy's mandate includes both Canada and the United States.

 

Andy's Marketing and Sales experience includes generating significant revenues for KPMG in both their training and management systems product lines.  Several of the clients that Andy secured for KPMG continue to seek out his expertise and guidance.

 

In addition to Marketing and Sales, Andy has a significant amount of experience in the area of risk assessment and management.  Andy has worked with large international insurers and brokers in reducing their risk exposure to clients that have had higher than usual claims or litigation.

 

Andy's work history includes 16 years with the Department of National Defense, ten years with KPMG and four years operating his own consultancy.  Andy is a Mechanical Engineering Technologist and holds a MBA from the University of Toronto.

 

Topic Write-up: 

 

There are a number of areas where software can be combined with physical security devices to provide information. However, is this information useful in reducing risk and improving costs? This discussion will provide some insight into the military's development of integrated systems and how its deployment experience is pertinent to security professionals today.

 

16) Speaker:  Matt Hymowitz, CISSP

Title:  Founding partner of GMP Networks

Topic:  Breaches - Three True Stories and Their Lasting Lessons for Everyone

 

Bio:   

 

Matt has over 25 years of experience in managing information systems, designing security architectures and incident response.  Matt is also an instructor in information security at the University of Arizona South.   He has led numerous information security incident responses including cases requiring coordination with the FBI.  Matt provides counsel in the areas of security architecture, IT governance and the implementation of best practices.  He is an expert in network and application performance management and has developed custom solutions in those areas.  Matt previously served as a Principal Consultant with Bay Networks, where he provided services to organizations such as Goldman Sachs and Bell South.  Matt holds a BS in Electrical Engineering from Columbia University and an MS in Computer Science from Polytechnic University.

 

17) Speaker:  Susan Crinnian, CISSP

Title:  VP of Business Development, PGI Solutions

Topic:  Addressing Compliance and Forensics in the 21st Century

 

Bio: 

 

Susan Crinnian is an information systems veteran with over twenty-seven years of driving revenue growth and holding key executive sales positions. Today she handles all marketing and sales for PGI Solutions, LLC. At PGI Solutions, Susan is responsible for building sales teams, channel programs and marketing initiatives from the ground up. She has a Master's of Science in Business and Information systems from Colorado State University, where she graduated at the top of her class with honors. In the past, Susan has held key executive sales positions with Medic Computer Systems, Data General, National Computer Systems, NCR/AT&T and was CEO/President of CCI Networks.

 

18) Speaker:  Pam Fusco, CISSP, CISM, CHS level III

Title:  Chief Security Strategist, Fishnet Security

Topic:  Influencing the Future of Security in Your Organization

 

Bio: 

 

Pamela Fusco has over 23 years of experience as an Information Security and Risk Management expert. Her extensive background and expertise extend globally, encompassing numerous facets of enterprise and business security initiatives. She was a founder of SAFE Bio Inc. and a strategic player in the formation of the company, serving on the Board of Directors and developing, collaborating on and supporting legally binding non-repudiation and interoperable identity management for the healthcare and pharmaceutical industries. She served on the White House Presidential Inaugural Staff, has held positions as Chief Security Officer for Merck & Co., Inc., Digex Inc. and MCI Security Solutions and as Executive Vice President, Global Information Security, at Citigroup, and is currently the Chief Security Strategist at Fishnet Security.